Resolved Cannot load any search engine websites in any of my browsers

Status
Not open for further replies.

ga41

Posts: 15   +0
Hello there, i was wondering if you can provide some help with my problem. Before we begin i'd like to say that English is not my first language and i apologise in advance if i dont make myself clear at any point.

The last 2 days i've had a few problems on my computer at work. The office is owned by me and we do not have a dedicated IT guy but my PC's are all with all the latest Windows updates and with updated A/V software.

The problem i've had is that my Internet browsers wouldn't load any search engine websites like http://www.google.com or http://www.bing.com. All other websites worked fine. I tried them in Opera (my main browser), Chrome and Firefox. All updated to their latest versions. Opera has a feature called Opera Turbo which essentially routes all traffic through their servers for faster browsing on slow connections, if i used Opera Turbo i could load search engines normally. If i turned it off but was already on google.com for example i could still use it and search but if i tried to type the URL manually again it wouldn't load.

On a possibly related note my work software which requires a Java based secure VPN client to work wouldn't connect either. Our helpdesk for that program told me to delete all files (including the Hosts file) in here C:\WINDOWS\system32\drivers\etc That fixed that problem but i still couldn't load the websites mentioned above.

I have Microsoft's Security Essentials on my PC which is always updated and which performs a scheduled quick scan daily. After my problem i scanned my PC with full scans using Malwarebytes Anti-malware, Spybot Search & Destroy (which i also use to immunize the PC weekly) and my antivirus, they did not find anything apart from a couple of tracking cookies in Spybot and the problem persisted.

After searching a bit i discovered this forum and through reading here i also downloaded SUPERAntispyware and ComboFix and scanned with those too, SUPERAntispyware found only one entry, i then booted in Safe Mode and scanned again with both SUPERAntispyware and Security Essentials, SUPERAntispyware found 1 entry again and Security Essentials nothing.

When i rebooted again it seemed everything was OK, all search engines could be accessed fine, that was 2 days ago, yesterday all was well throughout the day but this morning the problem returned. I scanned once more with ComboFix and that seemed to do the trick but i'm worried that the problem might return again.

I've now followed the 6 step instructions and here are my logs:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7780

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/09/2011 12:02:38
mbam-log-2011-09-23 (12-02-38).txt

Scan type: Quick scan
Objects scanned: 209802
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-23 12:04:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDS721616PLA380 rev.P22OABBA
Running: wj7ur0pe.exe; Driver: C:\DOCUME~1\Sabre\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Sabre\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 8A75111D
Thread System [4:380] 8A4A2B90

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Sabre at 12:05:45 on 2011-09-23
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2038.1268 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {D79559E8-9991-41C5-AA2B-A96EC766F43F} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [KeePass Password Safe 2] "c:\program files\keepass password safe\KeePass.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [RetroExpress] c:\progra~1\iomega~1\retros~1\RetroExpress.exe /h
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe\KeePass.exe" --preload
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\sabre\start menu\programs\startup\CleanupNortelVPN.bat
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sabre\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\opera.lnk - c:\program files\opera\opera.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\outloo~1.lnk - c:\windows\installer\{90120000-0011-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\sabrer~1.lnk - c:\program files\sabre red workspace\profiles\t252_9114\mysabre.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Iomega StorCenter.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\oadput~1.lnk - c:\sabre\apps\oadp\OadpUtil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabrep~1.lnk - c:\sabre\Sabstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabres~1.lnk - c:\windows\sabserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: agentware.net\sabre-ds2
Trusted Zone: sabre.com
Trusted Zone: sabre.com\my
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226583171046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sabre\application data\mozilla\firefox\profiles\p1wgld9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.live.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58586
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl3af437c8;MpKsl3af437c8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\MpKsl3af437c8.sys [2011-9-23 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-17 47640]
R2 SabrePrint;Sabre Printing Module;c:\sabre\apps\oadp\Oadp.exe [2009-12-18 512000]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 MpKsl1ac233c6;MpKsl1ac233c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{181b85ea-3007-4f50-8cac-046597edc401}\mpksl1ac233c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{181b85ea-3007-4f50-8cac-046597edc401}\MpKsl1ac233c6.sys [?]
S1 MpKslcffc1fbb;MpKslcffc1fbb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514988c4-e1d6-4f72-9357-5fd756d135f7}\mpkslcffc1fbb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514988c4-e1d6-4f72-9357-5fd756d135f7}\MpKslcffc1fbb.sys [?]
S2 CfgSrvc;Config Service Helper;c:\windows\system32\CfgSrvc.exe [2007-8-9 55296]
S2 gupdate1c98697a6707e86;Google Update Service (gupdate1c98697a6707e86);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S2 HsspConfig;HSSP Configuration Module;c:\windows\system32\CfgSrvc.exe [2007-8-9 55296]
S2 SDMan;Sabre Device Manager;c:\windows\sdman.exe [2009-12-18 106496]
S2 VmbService;Υπηρεσία Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-10-16 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-22 114432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-16 36640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2008-12-8 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2008-12-8 19408]
S3 SASENUM;SASENUM;\??\c:\docume~1\sabre\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\sabre\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-16 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-16 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2010-10-16 98152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-23 08:44:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\MpKsl3af437c8.sys
2011-09-23 08:44:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\offreg.dll
2011-09-23 08:44:50 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\mpengine.dll
2011-09-23 08:16:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-22 12:36:51 -------- d-----w- c:\documents and settings\sabre\application data\FLEXnet
2011-09-22 12:30:25 114432 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-09-22 12:30:18 102912 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-09-22 12:29:29 -------- d-----w- c:\documents and settings\sabre\application data\Vodafone
2011-09-22 12:28:37 -------- d-----w- c:\documents and settings\all users\application data\Vodafone
2011-09-22 12:28:23 -------- d-----w- c:\program files\Vodafone
2011-09-22 12:28:00 -------- d-----w- c:\documents and settings\sabre\local settings\application data\{11814DDC-A01D-4672-A4EE-313C63070E35}
2011-09-22 06:33:13 -------- d-sha-r- C:\cmdcons
2011-09-22 06:30:52 98816 ----a-w- c:\windows\sed.exe
2011-09-22 06:30:52 518144 ----a-w- c:\windows\SWREG.exe
2011-09-22 06:30:52 256000 ----a-w- c:\windows\PEV.exe
2011-09-22 06:30:52 208896 ----a-w- c:\windows\MBR.exe
2011-09-21 10:21:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-21 09:40:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-13 14:18:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-09-13 14:18:52 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-23 08:16:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 14:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 05:17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 10:06:38 385099 ----a-w- c:\windows\emuapi.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 13:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 13:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 13:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 13:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
.
============= FINISH: 12:06:39.70 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/08/2007 17:39:36
System Uptime: 22/09/2011 09:43:47 (1 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | LGA 775 | 1594/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 112.599 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_169A&SUBSYS_300B17AA&REV_02\4&360A6DE&0&00E1
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_169A&SUBSYS_300B17AA&REV_02\4&360A6DE&0&00E1
Service: b57w2k
.
==== System Restore Points ===================
.
RP1: 22/09/2011 09:31:04 - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Bing Maps 3D
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Dropbox
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON SX100 Series Printer Uninstall
EPSON Web-To-Page
Foxit PDF Editor
Foxit PDF Preview Handler for XP
Foxit Reader
Free Extended Task Manager
GIMP 2.6.10
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Iomega StorCenter
Java Auto Updater
Java(TM) 6 Update 25
KeePass Password Safe 2.16
Live Mesh Remote Desktop Service
LogMeIn
MagicDisc 2.7.105
Malwarebytes' Anti-Malware version 1.51.2.1300
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
Mouse Suite
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySabre
OGA Notifier 2.0.0048.0
Open Systems Client
Opera 11.51
PDFCreator
Picasa 3
QT Lite 3.1.0
Retrospect Express HD 2.5
Revo Uninstaller 1.92
Sabre Device Manager
Sabre Print Module
Sabre VPN
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 5.3
Smart Defrag 1.20
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware
System Update
ThinkVantage Technologies Welcome Message
Tweak UI
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.5
Wallpapers
WebEx
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XP Themes
YNAB 3
.
==== Event Viewer Messages From Past Week ========
.
22/09/2011 10:18:43, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
22/09/2011 09:42:05, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
22/09/2011 09:35:33, error: Service Control Manager [7034] - The Sabre Device Manager service terminated unexpectedly. It has done this 1 time(s).
22/09/2011 09:35:33, error: Service Control Manager [7034] - The HSSP Configuration Module service terminated unexpectedly. It has done this 1 time(s).
22/09/2011 09:35:33, error: Service Control Manager [7034] - The Config Service Helper service terminated unexpectedly. It has done this 1 time(s).
22/09/2011 09:32:41, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/09/2011 15:40:51, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
21/09/2011 10:18:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASDIFSV SASKUTIL
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help you sort through this problem:

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
I'd like to get some description of what's happening:

Cannot load any search engine websites
Do you mean that you have no search box on any of the browsers?
Do you mean that is you put a word in a search box and press enter that nothing comes up/
Do you mean that when the sites do come up on the search page and you choose a site that a different site come up?
Do you mean that when you choose a site from a search that it doesn't load-or-you get a message like 'server no found-or-just see an hour glass with nothing happening?
===================================
 
=====================================
I'd like to get some description of what's happening:

Cannot load any search engine websites
Do you mean that you have no search box on any of the browsers?
Do you mean that is you put a word in a search box and press enter that nothing comes up/
Do you mean that when the sites do come up on the search page and you choose a site that a different site come up?
Do you mean that when you choose a site from a search that it doesn't load-or-you get a message like 'server no found-or-just see an hour glass with nothing happening?
===================================

Hello Bobbye, thank you for the reply.

To answer your questions:

1) I had all search boxes in all my browsers.

2) If i put a search term in one of the browser search boxes it would not load the result page, it would try to load it for a few minutes and then display a "Server could not be found" type message. The same thing would happen if i manually typed www.google.com or www.bing.com in the address bar.

3) No i did not get redirected to different sites than the ones displayed because i couldn't get results anyway.

4) As above.
 
This is a connection problem.

When you launch your browser, does it load with your homepage?

All other websites loaded fine, only ones which wouldn't load either when typing the address manually or when doing a search from a browser search box were search engine websites like google.com. I could ping www.google.com from cmd but i could still not load it in any of my browsers.
 
Back in the office this morning and it appears that whatever i did to repair this issue gets undone after a restart... I booted the computer and trying to access www.google.com or its subdomains results in this message in Chrome (Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.)

All other websites work as normal, i also checked my Hosts file and there doesnt seem to be any funny lines in there.
 
Chrome (Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.)
Thank you for giving me the error message- that makes my job a lot easier!

All below are offered from Google Support:
Causes: The majority of the time, they have to do with your own system configuration/setup or 3rd party programs that you install and are therefore outside of our control. For these cases, we provide the following suggestions:

Resolutions:
If this problem is still occurring for you and is only specific to Google Chrome, can you try clearing your browsing data
To clear your browsing data, follow these steps:
  • Click the Wrench menu in the upper right corner
  • Select 'Clear browsing data'
  • Ensure that check boxes for 'Clear browsing history' and 'Empty the cache' are selected
  • Click 'Clear browsing data'

Check settings:
  • Check your Internet connection.
  • Restart any router, modem, or other network devices you may be using.
  • Add Chrome as a permitted program in your firewall or antivirus software's settings.
  • If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
  • If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working.
  • If proxy isn't needed, reset as follows:
    [o]Go to the wrench menu > Options > Under the Hood > Change proxy settings
    [o] LAN Settings> uncheck Use a proxy server for your LAN

It appears that this is a fairly common error. Please let me know if one of these options worked for you.

You did not mention having a problem running Malwarebytes, but on some occasions the malware will not allow a direct download of Mbam, but if it is first downloaded to a flash drive, then run on the problem computer, the scan will run.
 
The problem is that it does not do this only in Chrome. It does this in Opera, Internet Explorer and Firefox too. All these browsers are their latest versions.

I've also cleaned the browsing data in all of them previously without any effect.

All other websites work fine apart from www.bing.com and www.google.com and other search engines.

I've also checked my connection settings several times and they are normal.

Other PC's in the office which are on the same network and using the same Internet connection can access the above websites without issues. It's only mine that is unable to.

I also have no problems opening and using Malwarebytes and i've scanned with it several times already (although no scans of any kind since i posted the thread!).

For reference these are the error messages in the other browsers:

Firefox:

The connection was reset
The connection to the server was reset while the page was loading.


Opera:

Connection closed by remote server


Internet Explorer:

Internet Explorer cannot display the webpage

This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
There might be a typing error in the address.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
 
Thanks for your patience. I got behind last weekend and am trying to catch up.

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
There might be a typing error in the address.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
Any or most of these can be the problem. But it indicates a system problem rather that malware.

Let's work on the protocol settings first:

For Internet Explorer:
Open Internet Options through Control Panel or Tools in IE> Advanced tab> Security section at bottom> Make sure all three of these are checked:
SSL 2.0
SSL 3.0
TLS 1.0
Click on Apple> OK when done.

For Firefox:
Tools> Options> Advanced tab> Encryption tab> Make sure both of these are check:
SSL 3.0
TLS 1.0

Chrome should have a similar section. Open Chrome and find the section, making sure any or all of these protocols are checked.

See if that makes any difference.
 
Thanks for your patience. I got behind last weekend and am trying to catch up.


Any or most of these can be the problem. But it indicates a system problem rather that malware.

Let's work on the protocol settings first:

For Internet Explorer:
Open Internet Options through Control Panel or Tools in IE> Advanced tab> Security section at bottom> Make sure all three of these are checked:
SSL 2.0
SSL 3.0
TLS 1.0
Click on Apple> OK when done.

For Firefox:
Tools> Options> Advanced tab> Encryption tab> Make sure both of these are check:
SSL 3.0
TLS 1.0

Chrome should have a similar section. Open Chrome and find the section, making sure any or all of these protocols are checked.

See if that makes any difference.

No problem, i know you guys get many requests. I'm not in the office now (we're on different timezones, different continents in fact! :) ) but i'll try your suggestions tomorrow and report back.

By the way it still did today when i was using it. I was switching between Opera Turbo back and forth whenever i needed to search for something!
 
Just did it now in all my browsers but no dice. Problem still persists.

Firefox and Chrome already had them enabled, Internet Explorer only had TLS 1.0 disabled and so did Opera.
 
Internet Explorer only had TLS 1.0 disabled and so did Opera.

Did you enable it? After making sure all secure layers are enabled, please reboot and check to see if this makes the difference.
 
Did you enable it? After making sure all secure layers are enabled, please reboot and check to see if this makes the difference.

I enabled them, it still didn't make any difference but to be honest i don't remember if i rebooted afterwards. I'll try again on Monday and report back.
 
Okay, let me know.

Just cold booted my PC now and tried to access www.google.com and www.bing.com, they did not load. Re-checked all my browsers and all security protocols are enabled...

When it first started doing this, before i posted the thread, i noticed that after running Combofix the problem seemed to be resolved but come reboot it reverted back... Whatever Combofix did, it was cancelled out when i rebooted. Definitely strange.
 
Okay, about "After searching a bit i discovered this forum and through reading here i also downloaded SUPERAntispyware and ComboFix" and "the problem returned. I scanned once more with ComboFix "

This forum and most others on the internet tell you specifically not to run Combofix unless being directed to do so by your helper. This is a very powerful program- it's not a program you run to 'clear things up!

If you still have Combofix on the desktop, I'd like to see the second run log- please paste it in your next reply.

If you do not, let me know and I will give you specific directions on what to do.
==========================================
Questions:
1. There are several processes running for LogMeIn, but the S4 LMIRfsClientNP;LMIRfsClientNP Service is stopped and disabled. Are you using this remove log in now? Did you disable this Service? If Yes, why?; [x]>

2. Why do you have all of these on the Startup menu?
StartupFolder: c:\documents and settings\sabre\start menu\programs\startup\CleanupNortelVPN.bat
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sabre\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\opera.lnk - c:\program files\opera\opera.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\outloo~1.lnk - c:\windows\installer\{90120000-0011-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\sabrer~1.lnk - c:\program files\sabre red workspace\profiles\t252_9114\mysabre.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Iomega StorCenter.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\oadput~1.lnk - c:\sabre\apps\oadp\OadpUtil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabrep~1.lnk - c:\sabre\Sabstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabres~1.lnk - c:\windows\sabserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

Can't you access these as needed instead of having them start on boot, the run in the background?
---------------------------
3. There is also an entry for AdAware:
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]>>Related to Lbd.sys Lavasoft Ad-Aware.
It's stopped with no 'start' instructions and I don't see it in the installed programs. Have you uninstalled it?

4.There are multiple entries for SABRE and SABSERV running:
C:\SABRE\Apps\OADP\Oadp.exe???
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe>> Sabreserver SABSERV.EXE
As far as I can tell, this is Airline reservation software from Sabre. Available via Start -> Programs

5. There is a proxy running:
Proxy: mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
Is that what this is? FF - prefs.js: network.proxy.http_port - 58586
=======================================
I'd like you to try this:
Open Firefox> Right click on the upper toolbar> Customize> there is an entry names 'Search' with an icon> drag it up to the toolbar and drop. Does that give you the search option in Firefox?
 
I have not run Combofix again since i started this thread, i've just left work so if you still want to i will provide a log tomorrow.

1) I do not remember stopping any Logmein service.

2) The only items i manually added to the Startup folder were Outlook, Opera and Sabre Red (mysabre.exe, my work software) to save me having to click all 3 every morning. The rest were added during their installation, Dropbox for example i use regularly and would like to have running all the time and StorCenter is Iomega's utility for our NAS which does daily backups.

3) I had installed AdAware yes but i really do not recall if i've uninstalled it or not. I dont remember doing so but again i cannot check at the moment.

4) Yes, Sabre is our work software, i do not know what all the entries are for though.

5) I have no knowledge of any proxy running, i had checked and did not see anything different with my connection settings, everything was in set to get the settings automatically but will check again tomorrow.

6) All the search boxes are present and accounted for, it's just that using them does not work. I type my search terms, press enter and a tab opens which would load a URL like this: http://www.google.com/search?q=test...s=org.mozilla:en-US:official&client=firefox-a Well that URL never opens. It just results in the error messages i posted earlier. The same thing happens if i manually type http://www.google.com or http://www.bing.com. It doesnt load those websites.
 
I think it will be better when you're posting with access to the thread.

Just cold booted my PC now and tried to access www.google.com and www.bing.com, they did not load. Re-checked all my browsers and all security protocols are enabled...

2) If i put a search term in one of the browser search boxes it would not load the result page, it would try to load it for a few minutes and then display a "Server could not be found" type message. The same thing would happen if i manually typed www.google.com or www.bing.com in the address bar.

If you type this: www.google.com in the Address bar, it will not load the site. It has to have the http:// or https before the www. You should just get a drop down list in the Address bar where it can choose what you want to load. If you type bing in the Search bar, you will get a screen full of sites with 'bing' in the name. If you check one of those, the site should them load.

Your toolbar at the top of the screen should have 2 dialog boxes: one is for the search engine which you use to find a URL related to the search term you type in. The other is to accept the URL written in the full, correct context with http:// or https before the www.

If you have a Bookmark/Favorite or a shortcut on your desktop that already had the full URL for the web page/site, if you click on it, link should then appear in the Address bar as the site loads.

If you have copied a URL or if you know it exactly, you can either paste or type it into the Address bar, press Go or Enter and that URL should load.

The input for the search engine and the Address Bar are not the same, nor are they interchangeable. So you would not expect Bing to load if you just put that word in the Address bar, nor would you expect http://www.bing.com to load if you put it in the search box.
Again, I think you are considering a search engine and Address bar together.
For instance If you have the search box on the browser, whether it's Google or Bing or any other, you shouldn't type http://www.google.com or http://www.bing.com in the search box> you're already there.

If you have a Google search box and you would rather use Bing, then you type only the word Bing in the search box.

If you type a full URL in the right context, it must go into the Address Bar to load it.

A search engine looks for web pages that match your search term. Then you choose one of those pages, and you go to that site.

To load the site directly, the http' and 'www' are required in addition to the site domain[/b]

These are not interchangeable- they each have a purpose and the each require different entries.
=======================================
Virtually every program that you install put itself on the Start Menu. When installing, there is usually a box for 'Common' install which put the program everywhere it can. The other choice is 'Custom' which allows you to check or uncheck it's placement.

However, keep in mind that those programs that start on boot will continue running in the background. So as you surf, temporary internet files and temp files are added. The will usually lead to some slowdown as more resources are used.

If you prefer to chance that instead of simply launching the program as needed, it's your call. Convenience vs resources is usually degrading at some point.
==================================
I do not make any changes to work software.
===================================
I have not run Combofix again since i started this thread, i've just left work so if you still want to i will provide a log tomorrow.
You ran it once and it seemed to fix whatever the problem was. Then when the problem returned, you ran it again. The log I want is from that second runif you still have it.

If you do not, I don't want you to run it again until I instruct you in how to uninstall it, then reinstall with my link. I just want to see what's it's removing that appears to help, at least for a while.
==================================
Why I asked you about this : S4 LMIRfsClientNP;LMIRfsClientNP; [x]
The S4 designation on this Service means it's stopped (S) and disabled(4)
This same entry can be either:
1. Name:LMIRfsClientNP> File Name> LMIRfsClientNP.sys> Description: Added by an unidentified MALWARE! X
or
2. Name: LMIRfsClientNP> File Name> LMIRfsClientNP.dll> Related to LMIRfsClientNP.dll from LogMeIn, Inc. L

The file extension is what makes the difference. Your entry had no file extension.

====================================
I have no knowledge of any proxy running, i had checked and did not see anything different with my connection settings, everything was in set to get the settings automatically but will check again tomorrow.
There is a proxy running in Firefox: FF - prefs.js: network.proxy.http_port - 58586
Did you reset as instructed?
=================================
I ask questions to try to give the user information that could affect entries I might remove. I do it because it would help the system. You prefer to have everything running and using the system resources- that's okay.
 
I know the difference between the address bar and the search box. I referenced each one seperately if you read back. Typing just www.google.com in the address bar the browser will append http:// in front anyway.

Either case i tried again and they will not load even if i type these full URLs in the address bar in all 4 of my browsers.

https://www.google.com/

http://www.google.com/

https://www.bing.com

http://www.bing.com

=============================================

I unfortunately do not have the log you requested.. I checked in the Recycle Bin as well but it's not there unless the program stores a copy of the logs somewhere i don't know.

=============================================

Why I asked you about this : S4 LMIRfsClientNP;LMIRfsClientNP; [x]
The S4 designation on this Service means it's stopped (S) and disabled(4)
This same entry can be either:
1. Name:LMIRfsClientNP> File Name> LMIRfsClientNP.sys> Description: Added by an unidentified MALWARE! X
or
2. Name: LMIRfsClientNP> File Name> LMIRfsClientNP.dll> Related to LMIRfsClientNP.dll from LogMeIn, Inc. L

The file extension is what makes the difference. Your entry had no file extension.


I apologise but i don't understand what i'm supposed to do regarding this.

=============================================

I checked again just now and Firefox is not set up to use a proxy.

=============================================

Regarding your previous question about AdAware, it is installed but i have Ad-Watch Live disabled.
 
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
CF_Uninstall-1.jpg
[/list]
====================================
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
====================================
You are using LogMeIn. The following process is a part of LogMeIn. But it is not running and it has been disabled. The description is:
Display Name: LogMeIn Rfs Client Network Provider
Filename: LMIRfsClientNP.dll

I have looked for a description of what this files actually does, but LMI isn't giving that information. It is possible that this should be running. Please check another computer in the office and see what the status is.
=========================================
We don't seem to be making much progress. There are 2 things puzzling me- still>
All other websites work fine apart from www.bing.com and www.google.com and other search engines.

How do you access TechSpot?

Don't you have a search engine that you routinely use in the browser?

If you type the word bing in the browser search box, what happens?

I am just not understanding the reason for searching for a search engine!
 
We don't seem to be making much progress. There are 2 things puzzling me- still>


How do you access TechSpot?

Don't you have a search engine that you routinely use in the browser?

If you type the word bing in the browser search box, what happens?

I am just not understanding the reason for searching for a search engine!

I will perform your Combofix instructions as soon as i get back to the office tomorrow.

I used to use Google as my search engine but as mentioned i can't anymore. The only way for me to access http://www.google.com or make a Google search from a search box is with Opera if i have Opera Turbo enabled (http://www.opera.com/browser/turbo/)

I first accessed Techspot by typing the https://www.techspot.com URL in the address bar but now i just type "techspot" and pick it from the previous addresses.

As i said before i am not searching for the term "bing" or "google" i'm trying to perform a search. Period. Trying to perform a search for any term from the search box of any browser will not give me any results.

For example, i type the word "test" in the search box in Opera, I press enter and it tries to load this URL: http://www.google.com/search?client...rceid=opera&ie=utf-8&oe=utf-8&channel=suggest Now, that URL never actually finishes loading. It just remains "Loading" for a few minutes and then displays Opera's "Page not found" message.

The equivalent thing happens with Internet Explorer, Chrome and Firefox.

Again, I am NOT initiating a search for the words "Google" or "Bing" or "Yahoo" or "www.google.com" or whatever, I'm simply trying to perform A Search.

Now you could assume that the problem then lies with the browser's settings, which is what i initially thought. So i tried to access Google's website and search from there. I manually typed in the address bar www.google.com or http://www.google.com and even https://www.google.com and they too did NOT load. All the progress bars and whatnot were displaying "Loading" as they would for any other page but the websites would not actually load, no data would be downloaded. Eventually all browsers will display their equivalent "Page not found" messages. Which is what has led me to believe that this might be malware related. All other websites work fine, they load at normal speeds without issue. It's only search engines that cannot be accessed.

Hope this makes things a bit clearer and i'd like to say that i do appreciate you taking the time to reply and try and help me with these issues.
 
A Host hijack can do this, but that would usually show up in one of the prelim logs. I apologize if I sounded like I was patronizing you. I'd like you to go ahead and run HijackThis If the log comes out with multiple entries like these
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.ca


we can fix them and get you back to being able to search!
 
OK, i downloaded HijackThis from here: http://free.antivirus.com/hijackthis/ (version 2.0.4), saved the executable to my desktop, ran it and clicked on "Do a system scan and save a logflie".

The only Hosts-related entries i can see are only about my work software. :(

Here's the log if it's of help:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:01, on 07/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CfgSrvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Sabre\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Sabre\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.43 access.certc.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.42 access.tstsb.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
O4 - Startup: Outlook 2007.lnk = ?
O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
O4 - Global Startup: Iomega StorCenter.lnk.disabled
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 12726 bytes
 
Yeah! We got it! You can't bring up the search engines because the searches are all set to go through Nortel SSL-VPN.

Download HostXpert 4.4 and save it to the desktop
  • Unzip HostsXpert.zip
  • It will create a folder named HostsXpert in whatever folder you extract it to.
  • Double click HostsXpert.exe to run..
  • Click Restore MS Hosts File and then click OK.
  • Click the X to exit the program
=====================================
You are currently using HijackThis from a temporary directory- this can cause problems.HijackThis creates backups, these are needed in case of any recovery issues.

Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

Steps to create the folder
  1. Please go to My Computer> Double click on the Local Drive(C)> Select: New >> Folder and name the folder HJT.
  2. Download HijackThis to the new folder:
  3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
  4. Close ALL windows except HJT
  5. Scan> SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')> Use Ctrl-X to paste into Notepad and post the log.
  6. Don't make any changes in the log.
====================================
Reboot the computer and try the other search engines. Do they come up now?
===================================
 
No luck once again Bobbye.

I restored the Hosts file (which i had actually done once manually before i started the thread), saved the log from HijackThis, tried to access http://www.google.com and perform a search from the browser's search box but nothing. Same as before. Tried it with IE, Chrome, FF and Opera. Rebooted and tried again but still nothing.

Those entries must have something to do with our work software because now it can't log in. Don't worry, that's happened before, if i delete all the files in the "etc" folder (the software's Tech Support recommendation) it's usually fixed. I haven't done that though right now.

I think this is getting us nowhere, perhaps it's time for a format and be done with it, what do you think?

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:23, on 08/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CfgSrvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CleanupNortelVPN.bat
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
O4 - Startup: Outlook 2007.lnk = ?
O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
O4 - Global Startup: Iomega StorCenter.lnk.disabled
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 10211 bytes
 
Status
Not open for further replies.
Back